1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
Content:
* About KMyFirewall
* Release Notes
* Hacking
* Packaging
* Reporting Bugs
* Contact
About KMyFirewall
-----------------
KMyFirewall attempts to make it easier to setup IPTables based firewalls on
Linux systems. It will be the right tool if you like to have a so called
"Personal Firewall" running on your Linux box, but don't have the time and/or
the interest to spend hours in front of the IPTables manual just to setup a
Firewall that keeps the "bad" people out.
There is also the possibility to save entire rule sets, so you only have to
configure your rule set one time and then you can use it on several computers
giving each of them a similar configuration (p.e. school networks, office,
university etc.). For a complete list of the features have a look at the
Features section
Programs can't do any magic so you still will have to know what your firewall
should do to setup your rule set. KMyFirewall just tries to help you as much as
possible, but you decide what it will do.
Release Notes
-------------
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Important: As the file format used to save the rulesets has changed, !!!
!!! rulesets created with KMF < 1.0beta1 WILL NOT work, don't even try it! !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Since the last stable release KMF has been completely rewritten in order to be
even more flexible and on the other hand easier to use.
New plugin framework
Most parts of the application has been rewritten introducing a plugin framework
that allows to add new IPTables rule option editors to be written within a few
hours (well maybe days depends on the options complexity :). This will allow
us (and contributors) to easily implement the fast growing number of IPTables
ruleoptions without the need of understanding the whole application.
The backend generating the IPTables rules itself has been extended to allow the
registration of new rule options by defining them in an XML description file.
For a detailed description about how to write such plugins have a look at the
application handbook in the current CVS version. So feel free to contribute
plugins, there are lots of options still not implemented.
New Easy-To-Use platform independant interface
As I often got mails complaining about the to complex nature of KMF and the
very limited possibilities the wizard provides i simply removed the wizard and
implemented a completely new interface.
Features of the new Interface
As the new interface works on an abstract descrioption of the generated rules
the new plugin structure allows us top implement script compilers that support
other firewalling backends than just netfilter/iptables.
To support a new tool kit it is required to write a compiler and an installer
plugin for the new framework. Currently just the iptables/linux compiler and
installer is implemented. As with the rule option plugins of the IPTables
interface it shouldn't bee too much work to develop those plugins.
IPTables vs. Generic interface
The main difference between those two interfaces is that the new Generic
Interface is OS and toolkit independant while the IPTables interface is an
improved version of the well known KMF GUI and therefore tight bound to the
netfiler/iptables toolkit and can therefore only be used with Linux as
operating system.
Why two different interfaces?
Especially when concerning security related applications you (as developer)
need to decide if you like to build an application used by expert users (e.g.
experienced system administrators) or if you like to provide a tool that
everybody can handle.
It hasn't been an easy decision to implement one interface for each user group
but after pondering about concepts to merge those two requirements into one
interface we decided that it is much better to seperate them. This allows us
to concentrate on the wishes and wanted features for each of the user groups.
Reporting Bugs
--------------
If you found a bug in please do not hesitate to drop an e-mail to
[email protected] or use the "Report Bug..." dialog from the Help menu.
Hacking
-------
As you can see this thing gets quiet big so every kind of help
(coding, docs, translations) is very welcome. Please don't hesitate to contact me
([email protected]) if you have some ideas, patches, wishes or whatever.
To ease the development for writing KMyFirewall plugins i've wrote a small
howto about implementing such plugins which may be a good starting point for
getting involved in the development process. It can be found in menu "Help ->
KMyFirewall Handbook" in the Development section or have a look at the project
website at http://kmyfirewall.sourceforge.net
Packaging
---------
If you are intereseted in packagin KMyFirewall do not hesitate to contact me.
As my time is quite linited i cannot package KMF on my own so if you like to
you will be very welcome. Just drop me an e-mail
Contact
-------
Do not hesitate to contact me via e-mail at [email protected] if you have
questions, problems or what ever concerning KMyFirewall.
For the latest news about KMyFirewall have a look at
http://kmyfirewall.sourceforge.net
|